The all new
CBS News App for Android® for iPad® for iPhone®
Fully redesigned. Featuring CBSN, 24/7 live news. Get the App

Health apps may pose major privacy concerns

Many health apps share users' data with third parties, a new study finds.

istockphoto

Mobile health apps are a popular way to track personal information for overall health and fitness as well as specific medical conditions. But new research suggests they may pose some serious privacy concerns.

The study, published today in the Journal of the American Medical Association, found that many health apps transmit sensitive medical information, such as disease status and medication compliance, to third parties, including aggregators and advertising networks.

For the study, researchers from the Illinois Institute of Technology Chicago-Kent College of Law identified all available Android diabetes apps and collected and analyzed their privacy policies and permissions. Apps for Apple devices were not included in the study.

The authors installed a random selection of the apps to determine whether data were transmitted to third parties, defined as any website not directly under the developer's control.

After six months, 211 of the apps remained available. The authors found the majority of these apps -- over 80 percent -- had no privacy policies at all. Of the 41 apps that did have privacy policies, not all of the provisions actually protected privacy. For example, more than 80 percent collected user data and almost 50 percent shared data.

Only four policies said they would ask users for permission to share data.

The authors conducted another analysis that included 65 diabetes apps, which found that sensitive information -- including insulin and blood glucose levels -- was routinely collected and shared with third parties.

The authors note that the sharing of sensitive health information by apps is generally not prohibited by law and patients should be aware and consider the potential risks when using them.

"This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties," they wrote. "Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps."

  • Ashley Welch On Twitter»

    Ashley Welch covers health and wellness for CBSNews.com